Re: [Samba] Samba 4.6.5 Active Directory on CentOS
- Date: Mon, 3 Jul 2017 07:27:28 -0500
- From: John Schmerold via samba <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] Samba 4.6.5 Active Directory on CentOS
On 7/2/2017 3:30 AM, Rowland Penny via samba wrote:
Thanks for the spot-on advice. Jeff Bales' procedure was a great start,
but needed a few tweaks. With the server fully functioning as a DC, I was able to
get homes working by adding this bit of magic to [homes]:
root preexec = bash -c '[[ -d /home/%U ]] || mkdir -p -m 0700 /home/%U && chown %U:users /home/%U'
> On Sat, 1 Jul 2017 17:12:30 -0500
> John Schmerold via samba <samba@xxxxxxxxxxxxxxx> wrote:
>> I am using Jeff Bales' procedure for configuring SAMBA with Active
>> When everything is all said & done everything seems to work, but I am
>> not able to configure home directories because the users don't have
>> local Linux accounts - I suspect I need to bind Linux's user table to
>> Active Directory, but cannot seem to make this happen. Any advice?
>> I am using this to add users:
>> samba-tool user create user P@ssrod4 --uid=user --uid-number=10001 \
>>   --gid-number=100 --unix-home=/home/user --home-directory=/home/user \
>>   --login-shell=/bin/bash --gecos='user' --given-name=Happy
> Not much wrong with that howto, as far as it goes, apart from this step:
> mv /etc/krb5.conf /etc/krb5.conf.bak
> cp /usr/local/samba/share/setup/krb5.conf /etc/krb5.conf
> Yes, you might want to make a copy of the original krb5.conf, but you
> should do it after the provision, and the krb5.conf it tells you to
> copy is the wrong one. The last line is totally redundant anyway; it
> tells you to copy the correct one after the provision.
> Now for what is probably wrong with your DC:
> The howto tells you to start Samba by just running 'samba'. Did this
> actually work? Probably not, because 'samba' will be
> in /usr/local/samba/sbin and this will not be in your path.
> The howto also doesn't tell you that if you want to use a DC as a
> fileserver, you need to create a few links for libnss_winbind.so.
> Without these links, getent etc. will not work, and you need them to work
> to have Unix users (and no, you cannot have users in /etc/passwd and
> AD; the same goes for groups).
> See here for how to create the links:
> The howto also doesn't tell you that, on a DC, the 'unixHomeDirectory'
> and 'loginShell' attributes are ignored. Once you have 'getent'
> working, you will find that all your users have their Unix home
> directories set to '/home/DOMAIN/username' and their shell will be
> '/bin/false'; see here for how to fix this:
> Finally, [homes] doesn't work on a DC, see here:
I have this configured in a VMWare environment, so there is no reason
not to set up a separate DC, but that will have to keep for another day.
St Louis, MO
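The 'root preexec' one-liner in the message above, reworked as an added example that is not part of the thread or of the Samba project: a POSIX shell script that does the same job (create /home/%U with mode 0700 and hand it to the user) with the username validated and quoted, a refusal to touch a symlink that is already sitting at the target, ownership applied after the existence check regardless of whether the directory was just created, and a second function that verifies the result. The script path /usr/local/sbin/mkhome.sh, the base directory /home and the group 'users' are assumptions; install it and set `root preexec = /usr/local/sbin/mkhome.sh %U` in the share (on a DC the [homes] caveat Rowland raises still applies).

```shell
#!/bin/sh
# Added example, not code from the thread or from Samba.
# Assumed deployment: /usr/local/sbin/mkhome.sh, invoked from smb.conf as
#   root preexec = /usr/local/sbin/mkhome.sh %U
# Samba runs preexec via /bin/sh -c, so the script stays POSIX sh.

# ensure_home USER [BASE] [GROUP]
#   Creates BASE/USER (defaults: BASE=/home, GROUP=users, both assumptions)
#   with mode 0700 and owner USER:GROUP. Rejects names that could escape
#   BASE and refuses to operate on a symlink. Returns 0 on success.
ensure_home() {
    user=$1
    base=${2:-/home}
    group=${3:-users}

    # %U is attacker-influenced text from the session. Accept only a plain
    # account name: no empty string, no '/', no backslash, no space, no
    # '.' or '..'. If your %U carries a DOMAIN\ prefix, map it before
    # calling this rather than loosening the check.
    case $user in
        ''|*/*|*\\*|*' '*|.|..) return 2 ;;
    esac
    home="$base/$user"

    # A symlink planted at the target would redirect the chown/chmod below
    # to whatever it points at, so bail out instead of following it.
    if [ -L "$home" ]; then
        return 3
    fi
    if [ ! -d "$home" ]; then
        # -m applies to the final component only; any missing parents get
        # the umask default.
        mkdir -p -m 0700 "$home" || return 4
    fi
    # Ownership and mode are enforced on every call, so a pre-existing
    # directory with the wrong owner is corrected too (after the link check).
    chown "$user:$group" "$home" || return 5
    chmod 0700 "$home" || return 6
    return 0
}

# home_ok USER [BASE]
#   Reports whether BASE/USER is a real directory (not a symlink), owned by
#   USER, with mode exactly 0700. Usable as a post-condition check.
home_ok() {
    user=$1
    base=${2:-/home}
    home="$base/$user"
    [ -d "$home" ] && [ ! -L "$home" ] || return 1
    # find prints the path only if every test matches; -perm 700 is an
    # exact mode match, -user checks the owner.
    [ -n "$(find "$home" -maxdepth 0 -type d -perm 700 -user "$user" 2>/dev/null)" ]
}

# When executed by Samba the username arrives as $1.
if [ -n "$1" ]; then
    ensure_home "$1"
fi
```

The explicit `if` around `mkdir` is deliberate: in a chain like `A || B && C` the shell parses `(A || B) && C`, so `C` runs whenever the directory exists, which is harmless here but easy to misread when more steps are added; the return codes let a wrapper (or a log line in `root preexec`) distinguish a rejected name from a planted symlink from a failed `chown`.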